Verve Security Center

Supports multiple control systems. Most competing products only support a single vendor, forcing the end user to purchase multiple security systems

Single solution for whitelisting, anti-virus, patching, control system change management, backup management, and vulnerability assessments

Only whitelisted applications will run. Alerts administrator if unauthorized programs attempt to execute. Whitelisting technology is integrated with anti-virus software

Patches and anti-virus updates can be deployed in a simple and controlled process with minimal impact on operations

Patches, anti-virus updates, and whitelisting databases can be automatic, air-gapped, or semi air-gapped for more secure environments

Controlled vulnerability scans to identify and eliminate threats

End users can easily identify changes made to control system logic, graphics, databases, firewalls, routers, and switches

Stops unauthorized USB drives from being placed on control system

Backup of critical systems to ensure timely recovery during failures. Images are tested virtually to ensure recoverability

Doesn’t allow any inbound ports into control system

Consolidated and easy to understand alerts and reports with guidance on responding to events

Security information & event management (SIEM) provides required long-term consolidated logging, NERC reporting, alerts, and correlation

CIP-003 R6 – Change Control and Configuration Management

Establish and document a process of change control and configuration management related to Critical Cyber Assets

The change management feature of Verve captures modifications to the control system graphics, logic, or database. Changes to system components are logged in the security information & event management (SIEM) component

CIP-005 R1 – Electronic Security Perimeter

Ensure that every Critical Cyber Asset resides within an Electronic Security Perimeter

Combines firewall, whitelisting, anti-virus, patch management, and security information & event management (SIEM) technology into a single solution to ensure endpoints are protected within an Electronic Security Perimeter

CIP-007 R1 – Test Procedures

Ensure that new assets and changes to existing assets do not affect existing cyber security controls

Updates to anti-virus software and patches can be deployed in a controlled method to ensure the process environment is not affected. Changes to control system graphics, logic, database, and networking equipment are captured with ability to retrieve changes

CIP-007 R4 – Malicious Software Prevention

Shall use anti-virus software and other malicious software prevention tools to detect and prevent malware

Verve incorporates a number of malware prevention tools including whitelisting, anti-virus, patch management, and security information & event management (SIEM) technology to detect and prevent threats from entering controls networks. Verve also restricts external USB drives from executing without prior approval

CIP-007 R5 – Account Management

Establish procedural controls for all user activity

Provides auditable record of all user activity for both approved/denied applications and files utilizing security information & event management (SIEM) logging

CIP-009 R4 – Backup and Restore

Processes and procedures for backup, storage, testing, and recovery

The optional backup feature of Verve captures full image backups for all critical assets. These backups are virtualized and tested for full functionality and recovery. Backups to key control system files are created and tracked on a daily basis to capture any changes to graphics, logic, database, and network equipment configurations

Overview

NERC CIP Standards

CIP-002 – Critical Cyber Asset Identification

CIP-003 – Security Management Controls

CIP-004 – Personnel & Training

CIP-005 – Electronic Security Perimeter(s)

CIP-006 – Physical Security of Critical Cyber Assets

CIP-007 – Systems Security Management

CIP-008 – Incident Reporting and Response Planning

CIP-009 – Recovery Plans for Critical Cyber Assets

The following table describes how the Verve Security Center can help aid in NERC CIP compliance:

Applicable NERC CIP Standards

Rkneal understands these unique intricacies because of our extensive experience designing and implementing control systems specific to the power industry. As a result, Verve was developed to defend against electronic threats and vulnerabilities, help responsible entities plan for occurrences where recovery of critical cyber assets is required, and aid in NERC CIP compliance. However, the real beauty of Verve is that minimal resources are required to maintain this system because it simplifies normal controls network tasks (patching, anti-virus updates, etc.).

The Verve Security Center offers complete protection by consolidating the following components into a centralized security suite: Whitelisting, Anti-virus, Patch Management, Change Management, Backup & Recovery Management (optional), Security Information & Event Management (SIEM), and Vulnerability Scans

The North American Electric Reliability Corporation (NERC) has devised a series of standards to advance the dependability of the bulk power system in North America. In particular, NERC developed eight specific standards categorized as Critical Infrastructure Protection (CIP) that are designed to protect the critical cyber assets (hardware, software, data, and communication networks) essential to the reliability of the bulk power system.

The NERC CIP requirements are based upon existing security practices in the information technology (IT) profession. However, the sensitivity of control system applications not typical to traditional IT structures imposes specific issues that must be addressed to ensure compliance. In addition, the controlled process must not be disrupted by the chosen security package.

Each layer of Verve was designed and selected to minimize the increasing number of cyber attacks. Our security experts provide comprehensive installation, configuration, and training services to curtail the resources necessary for an effective implementation.

End users can scan their controls network to see all available software (product version, product publisher, etc.) and monitor vital information (installed memory, IP address, operating system, etc.) on protected endpoints. Verve also possesses the ability to monitor all USB devices and executable content introduced to your system.

Total visibility aptitudes include:

Minimize Security Threats

User responsible for introducing the executable content

Where the file was first detected on your system

When the file was first discovered by the Verve server

How many endpoints contain the file

Whitelisting

Rather than operating reactively to the growing list of known viruses, worms, and Trojans, Verve proactively blocks any unapproved executable content from running via whitelisting. Anti-virus has been proven to only block about 30% of potential threats. However, whitelisting is much more effective because it ensures only approved applications are enabled to run on your controls network.

Verve baselines all required applications and allows them to run without disruption while blocking all unsanctioned solicitations. Alerts are sent to system administrators if these programs attempt to run. System administrators then have the ability to approve or deny these applications.

Whitelisting capabilities include:

Ability to lock down any or all protected computers if threat is discovered

Prevent malware and data loss. Also protects against previously unknown computer threats

Continuous monitoring of all software and portable devices with ability to enforce corporate compliance. This includes devices that are disconnected from the server (i.e. laptops)

Ability to customize levels of protection for each individual endpoint

Anti-virus

In theory, anti-virus software is not needed if whitelisting has been configured. However, anti-virus software has been added to Verve for three simple reasons:

NERC CIP standards currently still require it

Anti-virus software is essential to ensure viruses are not present on your controls network prior to the implementation of whitelisting

Multi-layer threat protection

In order for anti-virus software to be effective, virus definitions need to be up-to-date. Due to the sensitivity of controls networks, once updates have been stored on the Verve server they can be deployed to protected endpoints in a controlled method to ensure the process environment is not affected.

Patch Management

The main objective of a patch management program is to create a consistently designed structure that is secure against known vulnerabilities within an operating system and/or software. However, managing updates for multiple endpoints can be an exhaustive endeavor and typically system administrators are also taxed with the consumption and screening of information regarding both security matters and patch releases. This effort becomes even more complicated when additional platforms and accessibility requirements are present.

The time it takes for several original equipment manufacturers (OEMs) to approve Windows patches adds to this complexity. Verve’s patch management component helps simplify this process.

Patch management features include:

Updates for approved software are automatically downloaded (unless air-gapped)

Ability to patch multiple operating system types (Windows, Unix)

Controlled and easy patch deployment to multiple machines and test groups

Reduces time allocated to keeping computers compliant

Automates OEM vendor approved patching

Change Management

Proper documentation is the leading culprit for NERC CIP audit violations. To help avoid this scenario, Verve incorporates an audit trail to track changes made to any control system graphics, logic, database, or networking files. These changes are then logged in the Verve database.

Change management features include:

Allows plant personnel to track control network changes to graphics, logic, database files, networking code, and any other readable file

Email notifications can be configured to inform plant personnel of changes

Auditable records

Backup & Recovery Management

Quality backups are one of the most critical activities associated with proper asset protection. Unfortunately, backups are often overlooked until it is too late and a machine or hard drive has failed. This undoubtedly causes operational headaches since time is of the essence.

Verve’s backup feature allows users to schedule backups according to your site’s specific needs. Once backups have been completed, each backup is tested for recovery using virtualization techniques. Verve captures both image and custom control system vendor backups from which an end user can recover a whole machine (even to dissimilar hardware), saving days if not weeks of locating software, licenses, drivers, OEM software, etc.

[Figure: Typical Verve Network Layout]

Security Information & Event Management (SIEM)

Fueled by IT audits, standards, and regulatory compliance, SIEM systems are increasingly being installed to automate the analysis process of security, network, and application logs. SIEM technology offers real-time analysis of security alerts and significantly reduces the time between threat detection and the elimination of those threats by continuously monitoring your controls network for suspicious activity. This includes both internal and external threats. Adding a SIEM solution to the Verve Security Center provides yet another layer of protection and the ability to provide customized NERC reporting and correlate security events to help prevent suspicious activity.

Rkneal is a certified Women’s Business Enterprise (WBE) specializing in design, engineering, and technical services. Our engineers possess extensive experience with every major distributed control system (DCS) and programmable logic controller (PLC) currently on the market. In addition to automation controls, Rkneal provides services related to NERC CIP compliance, cyber security, real-time historians, electrical design, NFPA burner management design & review, and startup & commissioning.

Contact Rkneal today to learn how the Verve Security Center can minimize cyber-security threats on your controls network.

About Rkneal

Paducah

1640 McCracken Blvd. Paducah, KY 42001

270.442.9880

St. Louis

1010 Market Street, Suite 550 St. Louis, MO 63101

314.754.8814
